ansible-role-chill/templates/compose.yaml
Julien Fastré 76dfaf5d93
Update configs for trusted proxies, HTTPS, and log paths
Revised proxy settings to dynamically include trusted IPs and ensured HTTPS redirections. Adjusted log mount path in Docker compose to align with application structure. Removed unused Traefik certificate volume for cleanup.
2025-01-10 12:49:43 +01:00


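# Docker Compose template for one Chill environment. Ansible renders this file
# with Jinja first and Compose parses the result afterwards, so templated
# values are quoted to keep the rendered scalars plain strings.
# Jinja control tags sit at column 0 so they add no indentation to the output.
services:
  # Nginx front end: the only service in this file attached to the external
  # traefik network; everything else stays on the project default network.
  frontend:
    image: "{{ registry_url }}/{{ registry_project }}/{{ chill_image_nginx_name }}:{{ item.chill_image_tag }}"
    links:
      - app:php
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=traefik"
      - "traefik.http.routers.frontend-{{ item.chill_environment }}.rule=Host(`{{ item.host }}`)"
      - "traefik.http.routers.frontend-{{ item.chill_environment }}.entrypoints=websecure"
      # Router-level TLS is only switched on for the self_signed setting.
      # NOTE(review): confirm the other tls_config values get TLS from the
      # Traefik entrypoint configuration, which is not visible here.
{%+ if item.tls_config == 'self_signed' +%}
      - "traefik.http.routers.frontend-{{ item.chill_environment }}.tls=true"
{%+ endif +%}
      # Optional second router bound to the per-environment entrypoint.
      # Its PathPrefix(/) rule has no Host condition, so it answers every
      # request that reaches that entrypoint whatever the Host header is;
      # restricting who can reach that port is left to the entrypoint/firewall.
{%+ if item.expose_port is not false +%}
      - "traefik.http.routers.frontend-exp-{{ item.chill_environment }}.rule=PathPrefix(`/`)"
      - "traefik.http.routers.frontend-exp-{{ item.chill_environment }}.entrypoints=chill{{ item.chill_environment }}"
{%+ if item.tls_config == 'self_signed' +%}
      - "traefik.http.routers.frontend-exp-{{ item.chill_environment }}.tls=true"
{%+ endif +%}
{%+ endif +%}
    networks:
      - traefik
      - default
    restart: always

  # PHP application. The anchor is merged into consumer and cron below; the
  # merge is shallow, so both inherit image, env_file, volumes, links and
  # networks unless they set the same key themselves.
  app: &defaultApp
    image: "{{ registry_url }}/{{ registry_project }}/{{ chill_image_php_name }}:{{ item.chill_image_tag }}"
    # Application settings and secrets are read from this file at start-up.
    env_file:
      - env_file.env
    volumes:
      - './config/prod:/var/www/app/config/packages/prod:ro'
      - './var:/var/www/app/var:rw'
      # Mounted on top of the ./var bind above; no mode given, so read-write.
      # NOTE(review): the host path has no per-environment component, so every
      # environment rendered from this template on one host would write to the
      # same directory. Confirm that is intended.
      - '/var/logs/chill:/var/www/app/var/logs'
      # Document storage, one host directory per environment.
      - '{{ doc_storage_dir }}/{{ item.chill_environment }}:/var/storage'
    links:
      - redis
      - relatorio
      - rabbitmq
      # Plain if/endif tags on their own lines render this entry on its own
      # line whether or not the template task trims block newlines; the
      # whitespace-trimming tag variants can glue it to the next key.
{% if item.add_postgres %}
      - database
{% endif %}
    networks:
      - default
    restart: always

  # Messenger worker: same image and mounts as app, restarted by Compose.
  consumer:
    <<: *defaultApp
    entrypoint: "/usr/bin/env"
    command:
      - "/bin/bash"
      - "-c"
      # Clears the cache once, then re-runs the consumer until the flag file
      # /tmp/kill_me exists; each run stops after 20 messages or 600 seconds.
      - >
        sleep 3 && bin/console cache:clear &&
        while ! [ -f /tmp/kill_me ];
        do
        php -d memory_limit=2G bin/console messenger:consume priority async --limit=20 --time-limit=600 -v;
        done;
    # Creates the flag file the loop polls, then asks the workers to stop.
    pre_stop:
      - command:
          - "/bin/bash"
          - "-c"
          - "touch /tmp/kill_me && bin/console messenger:stop-workers"

  # One-shot cron runner; quoted "no" keeps the restart policy a string.
  cron:
    <<: *defaultApp
    entrypoint: "/usr/bin/env"
    command: ["bin/console", "chill:cron-job:execute", "-v"]
    restart: "no"

{% if item.add_postgres %}
  # Optional PostgreSQL, credentials come from postgres.env; no ports are
  # published, so it is reachable only from the default network.
  database:
    image: "{{ database_image }}"
    env_file:
      - postgres.env
    volumes:
      - ./docker/db/data:/var/lib/postgresql/data:rw
    networks:
      - default
    restart: always
{% endif %}

  ###> chill-project/chill-bundles ###
  # No tag is given, so this resolves to the mutable latest tag, and no
  # password is configured here: access control relies on the service being
  # reachable only from the default network. Pin a tag or digest so a pull
  # cannot silently change what runs.
  redis:
    image: redis
    networks:
      - default
    restart: always

  # The latest tag is mutable as well; pin a version or digest for this image.
  relatorio:
    image: registry.gitlab.com/champs-libres/public/relatorio-tornado/app:latest
    networks:
      - default
    restart: always
  ###< chill-project/chill-bundles ###

  # Disabled signing worker kept for reference. The values below are
  # development placeholders (guest/guest broker login, a literal key
  # password, a dummy PKCS#12 file, a plain-http timestamp URL): if this
  # service is ever enabled, move the credentials to an env_file or secret
  # and replace the dev certificate material first.
  # sign-worker:
  #   image: h3m6q87t.gra7.container-registry.ovh.net/sign-pdf-worker/worker:latest
  #   environment:
  #     AMQP_URL: amqp://guest:guest@rabbitmq:5672/%2f/to_python_sign
  #     LOG_LEVEL: INFO
  #     PKCS12_PATH: /etc/sign-pdf/dummy.p12
  #     TIMESTAMP_URL: http://freetsa.org/tsr
  #     QUEUE_IN: to_python_sign
  #     EXCHANGE_OUT: signed_docs
  #     OUT_ROUTING_KEY: signed_doc
  #     TSA_CERT_CHAIN: /etc/sign-pdf/tsa/tsa-chain.pem
  #     TSA_CONFIG_PATH: /etc/sign-pdf/rootca.conf
  #     TSA_KEY_PASSWORD: "5678"
  #   volumes:
  #     - "./resources/dev-certificate/dummy.p12:/etc/sign-pdf/dummy.p12:ro"
  #     - "./resources/dev-certificate/rootca.conf:/etc/sign-pdf/rootca.conf:ro"
  #     - "./resources/dev-certificate/tsa:/etc/sign-pdf/tsa:ro"
  #     - "./resources/dev-certificate/tsa_serial:/var/lib/tsa/tsa_serial:rw"
  #   links:
  #     - rabbitmq
  #   depends_on:
  #     rabbitmq:
  #       condition: service_healthy

  # Broker with the management plugin image; credentials come from
  # rabbitmq.env and no ports are published in this file.
  rabbitmq:
    image: rabbitmq:3-management-alpine
    env_file:
      - rabbitmq.env
    healthcheck:
      test: rabbitmq-diagnostics -q ping
      interval: 30s
      timeout: 30s
      retries: 3
    networks:
      - default
    restart: always

networks:
  # Created outside this project (by the Traefik deployment, presumably).
  traefik:
    external: true
  # Left without settings, as in the original listing.
  default: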